Technology - on my desktop

Expert advice on how to keep your computer healthy.

E-doctor's tips

If you were one of the unwilling recipients of the Melissa virus that infected millions of computers around the world in 1999, or the willing reader of the 'ILoveYou' email that bore within its content a Visual Basic worm of excellent and elusive engineering, you may know what it's like to have your computer infected.

If you ever travelled to Amsterdam to collect your 'newly won inheritance' from an uncle you can't quite remember, then you are no stranger to phishing. And if your computer is a zombie, with a Trojan in its internals (whether you knew it or not), then perhaps it participated in crashing Estonia's banking and government computer systems last summer.

Billions of dollars have been poured into securing and recovering our computers from the damage caused by viruses. Some claim that a lot of money has also been spent on developing such viruses, in order to keep the anti-virus industry in demand. Whatever the causes, the onus remains on you, the user, to prevent a virus from infiltrating your computer's defence systems and unleashing its malicious content on your fragile digital device. And, more often than not, it is also you who is primarily responsible for having downloaded and executed that virus in the first place, or clicked a link to see an eCard from a charming friend you never met.

Doggerel of a virus

The first recognised instance of a spreadable computer virus was the Elk Cloner. It was written around 1982 by a 15-year-old high school student Rich Skrenta and was aimed at Apple II systems. Elk Cloner spread by infecting the Apple II's operating system and was transmitted on floppy disks. When the computer was booted from an infected floppy, the virus would display a short 'poem':

Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes it's Cloner!

It will stick to you like glue

It will modify ram too

Send in the Cloner!

 

The Morris Worm, written by Robert Tappan Morris in 1998, became the first well-known malware spread on the Internet. It was estimated to have infected around 6,000 computers worldwide and led to the creation of a new industry for countering similar attacks headed by CERT (Computer Emergency Response Team), a US federal-funded research institute and development centre (www.cert.org).

In 1999, BubbleBoy became the first ever worm that did not depend on the user opening an email attachment to be infected. As soon as the infected email message was viewed, the worm was set to work. This trend was followed by many virus writers and continues to baffle the most expensive security systems, while preying on our never-ending curiosity to see the content of a suspicious-looking email.

Simultaneous attacks of the Blaster and Sobig worms in 2003 caused enormous damage to millions of computers, severely crippling Internet speeds. Eighteen-year-old Jeffrey Lee Parson from Minnesota pleaded guilty to writing and releasing the Blaster.B variant and was jailed for 18 months, becoming the youngest ever virus writer to be imprisoned.

Around five years ago, Botnets became all the rage online. They comprise large numbers of computers infected by a trojan. The writer (distributor) is handed control of the computer's vital functions and uses it as a spam relay or server. Often the infected machine is organised to perform distributed denial of service (DDOS) attacks on certain websites and Internet services.

Mydoom & gloom

At its peak, the MyDoom trojan of 2004 accounted for some 20 per cent of all emails sent on the Internet. Microsoft and the SCO group offered rewards of $250,000 each to find its creators before their websites were taken offline by a MyDoom-coordinated DDOS attack. In July of the same year, a variation of MyDoom launched one of the biggest attacks to date, involving more than a million computers. Google, AltaVista and Lycos tasted dust as their search engines were brought down.

A week after the removal of a Second World War statue of a Soviet soldier from a central square in Tallinn, Estonia last year, the largest cyber attack against a sovereign country to date began. It persisted for two weeks and managed to bring down a considerable portion of Estonia's ministries, finance and public service networks. Had it lasted a little longer, admitted a member of the Estonian CERT, "we might not have survived it".

Mobile phones and PDAs are also affected in today's virus-filled world, taking advantage of Bluetooth and Media Messaging to spread themselves around. BlackBerries, with a vulnerability that allows malware to become trusted applications, are not excluded. Skype and MSN, iMac built-in video cameras and even newly released wireless pacemakers can all be 'owned' by a virus writer.

Malicious PHP code has been found in images on photo-sharing websites and millions of unsuspecting (and poorly configured or not updated) Web platforms have been 'injected' with viral code. Either our ignorance or their creativity has spawned a hostile digital world with little room for error.

The burden of keeping your computer and those of all Internet users out there malware-free rests entirely on our own shoulders. A technical and a common-sense approach is required to begin the battle.

Our gullibility is our biggest flaw when it comes to staying virus-free. Hastily clicking 'OK' to an Internet browser's warning message, blindly downloading every useless bit of software and curiously opening another email from the 'Standard Bank of London' (which I've just received in my inbox) are the main causes of malware infection.

Browsing to infected websites is about as high on the danger barometer and is the main ambition of today's email phishing attacks. How does one know if a website will install malicious code? Well, you cannot know. Your only options are careful analysis of addresses you click on, deciding whether it is at all necessary for you to go there and a strong layer of security software.

Numerous studies have shown that when our sensory receptors are excited, we alter our behaviour to become less cautious. It's not rocket science to infect a computer with a worm which then sends itself out to everyone on the address book purporting in the subject line 'a secret, between you and I'. A little unfair that we can no longer send genuine messages as such to each other, but it is too late for that. We need to get accustomed to emotionless subject lines and strictly serious Internet browsing.

Dmitri Vitaliev is an independent digital security consultant
